Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27,836 advisories

Loading
Cross site scripting in mobiledoc-kit Moderate
CVE-2022-2932 was published for mobiledoc-kit (npm) Aug 23, 2022
Cross site scripting in yetiforce/yetiforce-crm Moderate
CVE-2022-2890 was published for yetiforce/yetiforce-crm (Composer) Aug 23, 2022
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial... Moderate Unreviewed
CVE-2021-36857 was published Aug 23, 2022
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba... Moderate Unreviewed
CVE-2021-36847 was published Aug 23, 2022
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape... Moderate Unreviewed
CVE-2021-24910 was published Aug 23, 2022
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN... Moderate Unreviewed
CVE-2022-32771 was published Aug 23, 2022
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN... Moderate Unreviewed
CVE-2022-32772 was published Aug 23, 2022
A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11... Moderate Unreviewed
CVE-2022-30690 was published Aug 23, 2022
A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo... Critical Unreviewed
CVE-2022-28712 was published Aug 23, 2022
A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection... Critical Unreviewed
CVE-2022-26842 was published Aug 23, 2022
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN... Moderate Unreviewed
CVE-2022-32770 was published Aug 23, 2022
Cross site scripting in yetiforce/yetiforce-crm Moderate
CVE-2022-2885 was published for yetiforce/yetiforce-crm (Composer) Aug 22, 2022
Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration... Moderate Unreviewed
CVE-2020-23466 was published Aug 20, 2022
DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - > System - > system... Moderate Unreviewed
CVE-2022-37254 was published Aug 20, 2022
Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0. Moderate Unreviewed
CVE-2022-0542 was published Aug 20, 2022
Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0. Moderate Unreviewed
CVE-2022-1021 was published Aug 20, 2022
In Jellyfin before 10.8, stored XSS allows theft of an admin access token. Moderate Unreviewed
CVE-2022-35910 was published Aug 20, 2022
Incorrect Access Control and Cross Site Scripting in Jellyfin High
CVE-2022-35909 was published for Jellyfin.Common (NuGet) Aug 20, 2022
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista... Moderate Unreviewed
CVE-2022-35554 was published Aug 20, 2022
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to... Moderate Unreviewed
CVE-2022-29487 was published Aug 19, 2022
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5... Moderate Unreviewed
CVE-2022-28715 was published Aug 19, 2022
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5... Moderate Unreviewed
CVE-2022-30604 was published Aug 19, 2022
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5... Moderate Unreviewed
CVE-2022-33151 was published Aug 19, 2022
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5... Moderate Unreviewed
CVE-2021-30071 was published Aug 19, 2022
All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross... Moderate Unreviewed
CVE-2022-37063 was published Aug 19, 2022
ProTip! Advisories are also available from the GraphQL API